Received: by mail.netbsd.org (Postfix, from userid 605) id 4B16B84DBC; Wed, 4 Apr 2018 10:41:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 4373484D62 for ; Wed, 4 Apr 2018 10:41:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id Bz-7Wl2ST4On for ; Wed, 4 Apr 2018 10:41:15 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id A222F84CCE for ; Wed, 4 Apr 2018 10:41:15 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 9B07CFBEC; Wed, 4 Apr 2018 10:41:15 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_152283847532360" MIME-Version: 1.0 Date: Wed, 4 Apr 2018 10:41:15 +0000 From: "Filip Hajny" Subject: CVS commit: pkgsrc/lang/nodejs To: pkgsrc-changes@NetBSD.org Reply-To: fhajny@netbsd.org X-Mailer: log_accum Message-Id: <20180404104115.9B07CFBEC@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_152283847532360 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: fhajny Date: Wed Apr 4 10:41:15 UTC 2018 Modified Files: pkgsrc/lang/nodejs: Makefile distinfo Log Message: nodejs 9.10.1 - No code changes nodejs 9.10.0 Fixes for the following CVEs are included in this release: - CVE-2018-7158 - CVE-2018-7159 - CVE-2018-7160 Notable Changes - Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious website could use a DNS rebinding attack to trick a web browser to bypass same-origin-policy checks and allow HTTP connections to localhost or to hosts on the local network, potentially to an open inspector port as a debugger, therefore gaining full code execution access. The inspector now only allows connections that have a browser Host value of localhost or localhost6. - Fix for 'path' module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted 'path' module functions. - Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values. - Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed. - cluster: Add support for NODE_OPTIONS="--inspect" - crypto: Expose the public key of a certificate - n-api: Add napi_fatal_exception to trigger an uncaughtException in JavaScript - path: Fix regression in posix.normalize - stream: Improve stream creation performance nodejs 9.9.0 assert: - From now on all error messages produced by assert in strict mode will produce a error diff. - From now on it is possible to use a validation object in throws instead of the other possibilities. crypto: - allow passing null as IV unless required fs: - support as and as+ flags in stringToFlags() tls: - expose Finished messages in TLSSocket tty: - Add getColorDepth function to determine if terminal supports colors. util: - add util.inspect compact option To generate a diff of this commit: cvs rdiff -u -r1.121 -r1.122 pkgsrc/lang/nodejs/Makefile cvs rdiff -u -r1.117 -r1.118 pkgsrc/lang/nodejs/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_152283847532360 Content-Disposition: inline Content-Length: 1830 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/nodejs/Makefile diff -u pkgsrc/lang/nodejs/Makefile:1.121 pkgsrc/lang/nodejs/Makefile:1.122 --- pkgsrc/lang/nodejs/Makefile:1.121 Tue Mar 13 16:22:00 2018 +++ pkgsrc/lang/nodejs/Makefile Wed Apr 4 10:41:15 2018 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.121 2018/03/13 16:22:00 fhajny Exp $ +# $NetBSD: Makefile,v 1.122 2018/04/04 10:41:15 fhajny Exp $ -DISTNAME= node-v9.8.0 +DISTNAME= node-v9.10.1 # Stated by the changelog as of 8.2.0 GCC_REQD+= 4.9.4 Index: pkgsrc/lang/nodejs/distinfo diff -u pkgsrc/lang/nodejs/distinfo:1.117 pkgsrc/lang/nodejs/distinfo:1.118 --- pkgsrc/lang/nodejs/distinfo:1.117 Fri Mar 23 21:07:53 2018 +++ pkgsrc/lang/nodejs/distinfo Wed Apr 4 10:41:15 2018 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.117 2018/03/23 21:07:53 joerg Exp $ +$NetBSD: distinfo,v 1.118 2018/04/04 10:41:15 fhajny Exp $ -SHA1 (node-v9.8.0.tar.gz) = d9d30f6d255353f76ddc869e0d66c55a503afd2d -RMD160 (node-v9.8.0.tar.gz) = 6ca4e9638643ca42c8877adb95d91760cd106994 -SHA512 (node-v9.8.0.tar.gz) = 8c56699a123c255d577c3a8a6d9c95a58342f050e66a1e6bbe5109cd630a7d78e686fa850f51c5b60a96ccfb4b16385b6c326ccbc61c6ad1ff226a8650cab87e -Size (node-v9.8.0.tar.gz) = 31474422 bytes +SHA1 (node-v9.10.1.tar.gz) = f0032621ed9ed6db75654ab237daa7153e12285f +RMD160 (node-v9.10.1.tar.gz) = 204374868edd084ff92419ff7c94abc62f6f28ff +SHA512 (node-v9.10.1.tar.gz) = cf2f6afc0e7b597bea426522dec79a53aa7668ca3e594a95ec33bc3dd042e410fde6dc1980cb1626497f64bdcaebaeac1a08ee66f19cb70694200b469e83de8e +Size (node-v9.10.1.tar.gz) = 31411130 bytes SHA1 (patch-common.gypi) = 6c4f5c3f82270d5ebadce2ad3228a058634595cb SHA1 (patch-deps_cares_cares.gyp) = 2235eb44bc984fa2e745fdf1786f1ae6de6ef80f SHA1 (patch-deps_npm_node__modules_node-gyp_gyp_pylib_gyp_generator_make.py) = 78d6ddd37ae30e869e0da666a78baad86a638c50 --_----------=_152283847532360--